Natural Disasters – Scams
Scammers are very much tuned in to current events and in the case of a natural disasters (such as Australian bushfire), they are quick to capitalise in any way that they can. This could be in the form of setting up fake, but realistic looking websites to solicit donations to aid the victims, or in the form of bogus crowd funding appeals that play on our better nature to donate in the hope of helping out. They would then pocket the donations, steal the card details and then disappear.
However, in the case of the Australian bushfire scam, the site asking for donations was a legitimate site that was running outdated software and was affected by Magecart. This an umbrella term encompassing several different threat groups that operate by adding malicious code to sites. The result being that people who were making donations were having their card information skimmed, taking personal details such as name, billing address, card number and CVV number. In this case there are few things that can be done from the client/donator side, as the onus is more on the side of the company itself to protect against these vulnerabilities by keeping their systems up to date.
What can be done:
- Try to use more well known and professional sites to donate. These should have security teams who keep their systems up to date and are on the lookout for this sort of vulnerability.
- Use up to date and intelligent malware protection on your systems. Many of them have intelligence in the background that is updated for everyone if one user is compromised, just hope you are not the first one. They can also block communication to known malicious domains and IP Addresses.
- There are browser plugins that can disable malicious scrip from running. This is not fool proof, but can act as an additional layer of security.
Ultimately as someone who wants to donate you are relying on the security of the site itself, so if your bank, or another large institution that is geared up for security is offering a facility to donate to these causes, then that could be a better option.
For more information on how to navigate cyber security or how to make sure that your business is safe and secure from outside scammers, do not hesitate to get in touch.